It is standard procedure that a release of an Apache project must be obtained and obtainable via Apache controlled resources. Having a "nod and a wink" release on Pypi defeats that whole purpose.
It is best to take the time and effort required to create a LICENSE which is accurate and repeatable as well as one that reflects "reality" as far as what licensing considerations *actual* users of Superset need to worry about ;)

> On Sep 21, 2018, at 11:44 AM, Maxime Beauchemin <[email protected]> wrote:
>
> Superset Apache mentors (Ashutosh Chauhan, Luke Han, Jim Jagielski, Sameer
> Paranjpye), we'd love to get guidance here. Do we need to sort out license
> (which to me means crafting a LICENSE file that ships with the release) for
> a convenience release that would include the JS bundles?
>
> If we do need it, given the complexity around a complex and evolving
> dependency tree, I think we should just do a "not-so-convenient" release on
> Pypi (on top of the official ASF svn repo release) that can fetch and build
> the JS deps. Imagine a "superset build" CLI command that would operate in
> `~/.superset` (install npm, npm install, npm run build, ...)
>
> Thoughts?
>
> Max
>
> On Tue, Sep 18, 2018 at 8:52 AM Maxime Beauchemin <
> [email protected]> wrote:
>
>> I did some work in unfolding the JS dependency tree and classifying it by
>> license string here:
>> https://github.com/apache/incubator-superset/pull/5801
>>
>> Highlighting the JS libs that would need more research:
>>
>> 'MIT*': {'expect.js',
>> 'mapbox-gl',
>> 'optimist',
>> 'split',
>> 'trim',
>> 'typed-function'},'CC0-1.0': {'string-hash'},
>> 'Custom: http://badges.github.io/stability-badges/dist/stable.svg': {
>> 'gl-mat3','gl-vec2', 'gl-vec3'},'Apache*': {'mousetrap', 'fuse.js'},
>>
>>
>> Looking at this, it's tempting to just not package the JS bundles and
>> instead just make it easy for people to make their own builds. One of the
>> questions is around the amount of latitude we have around convenience
>> releases (on Pypi).
>>
>> Max
>>
>> On Tue, Sep 18, 2018 at 1:24 AM Justin Mclean <[email protected]> wrote:
>>
>>> Hi,
>>>
>>>> I have found many of our JS libs have unclear licenses. Strings like
>>>> "MIT or GPL"
>>>
>>> That's probably OK as it's dual licensed and you can pick the most
>>> favourable one.
>>>
>>>> or "BSD*" which when digging means something like "BSD with LLVM
>>>> clause".
>>>
>>> That may be an issue but we would need to look at the actual license text
>>> and perhaps ask on legal discuss.
>>>
>>> Note that even the source release cannot have a dependency on a Category
>>> X license (with some exceptions for optional items and build tools).
>>>
>>> Thanks,
>>> Justin
